[nsp-sec] More stolen FTP credentials

Gabriel Iovino giovino at ren-isac.net
Thu Mar 17 11:00:33 EDT 2011



On 3/17/2011 10:01 AM, Thomas Hungenberg wrote:
> Please find below another list of stolen FTP credentials found on a malware C&C.
> Unfortunately, I don't have information on when these credentials were stolen,
> so this could be recent data or maybe also an older collection.

ACK:


We will generate some sanitized notifications.

Thank you!

Gabe

--
Gabriel Iovino
Principal Security Engineer, REN-ISAC
http://www.ren-isac.net
24x7 Watch Desk +1(317)278-6630


